Wednesday, 21 May 2014

U.S.-CHINA: Symbolic Indictment of Chinese Hackers

In an unprecedented move, the U.S. Justice Department has charged five officers in the People’s Liberation Army (PLA) with crimes related to cyber espionage. A grand jury in Pittsburgh, Pennsylvania has indicted five Chinese military hackers for computer hacking, economic espionage and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries.

China’s Foreign Ministry released a statement condemning the charges as grossly violating the basic norms governing international relations. China demanded that the U.S. withdraw the charges. “The Chinese government, the Chinese military and their relevant personnel have never engaged or participated in cyber theft of trade secrets. The U.S. accusation against Chinese personnel is purely ungrounded and absurd,” the statement said. In response, Beijing has suspended the U.S.-China Cyber Working Group, a dialogue platform for cyber issues.

Chinese state media labelled the United States a mincing rascal and high-level hooligan on Wednesday in response to Washington charging five Chinese military officers with hacking U.S. companies to steal trade secrets.

The defendants are identified as Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, all officers in the PLA’s Unit 61398. The victims are Westinghouse Electric Co; U.S. subsidiaries of SolarWorld AG; U.S. Steel; Allegheny Technologies Inc. (ATI); the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union (USW); and Alcoa Inc.

The charges were the first ever to be filed against known state actors for infiltrating U.S. commercial targets by cyber means. They were also the first criminal hacking charges the U.S. has filed against specific foreign officials, and follow a rise in public criticism and private confrontation between the world's two biggest economies over cyber espionage. For the U.S. Attorney General the case “should serve as a wake-up call to the seriousness of the ongoing cyber-threat. These criminal charges represent a groundbreaking step forward in addressing that threat.”

The U.S. Attorney General provided specific examples of how the alleged hacking worked. While Westinghouse was in the midst of negotiations with a Chinese state-owned enterprise over constructing nuclear power plants, the hackers stole trade secret designs for components of those plants. The hackers also stole cost, pricing, and strategy information from SolarWorld at the same time that Chinese competitors were driving SolarWorld out of the Chinese market.

The Obama administration has been emphasizing cyber espionage as an issue in U.S.-China relations since early 2013, when a series of public reports of Chinese hacking appeared. However, this is the first time that the U.S. government has provided specific details on allegations of Chinese hacking, including names, dates, and the type of information stolen. This may be the first such case, but it apparently won’t be the last.

Furthermore, a new industry report says that the Chinese government has expanded the scope of its cyber espionage despite the greater public scrutiny these operations received in 2013. The new report was published by Mandiant, now part of FireEye, the same company that in February 2013 published the much-discussed APT1 report directly linking a unit of the People’s Liberation Army to a massive cyber espionage campaign against foreign businesses. APT1 was the hacking unit the report profiled.

The APT1 report was one of a number of very public exposures of China’s cyber operations in 2013. Others included the New York Times revealing that its website had been repeatedly targeted by China-based hackers (a unit called APT-12) after the newspaper published an article tracing the massive wealth senior Chinese leaders accumulated while in power.

The Mandiant and New York Times reports led the Obama administration to raise the profile of cyber issues in U.S.-China relations, an effort that was partially undercut by the subsequent Edward Snowden leaks. The U.S. Defense Department also began more openly discussing Chinese cyber operations against the U.S. military and defense industrial base.

In its new annual report, M-Trends, Mandiant explains that the “release of the APT1 report in February 2013 provided a unique opportunity to observe whether revelations of China’s state-sponsored cyber activity could spur a diplomatic solution to the problem of nation-state cyber espionage on behalf of private sector entities.” The decision to go public and charge specific Chinese individuals with crimes suggests that Obama feels diplomacy with China is not making sufficient progress on this issue. Cyber-security and cyber espionage have been raised repeatedly at high-level meetings.

Indeed, the Chinese government is expanding the scope of its cyber operations, and China-based advanced threat actors are keen to acquire data about how businesses operate, not just about how they make their products. Instead of simply targeting intellectual property, the suspected state-run Chinese hackers are now trying to steal information about how these businesses work and how executives and key figures make decisions.

Examples of the kind of data the Chinese hackers are now targeting include executive emails, business processes, negotiation plans, budgetary information, organizational charts, meeting minutes, human resources records, and programs and initiatives. The expansion beyond stealing just intellectual property comes at a time when the Chinese government is hoping to make its large state-owned enterprises run more efficiently, which this type of data would facilitate.

The charges are sure to create a major backlash in China, which has always denied any involvement in hacking activities. Beijing will undoubtedly point to U.S. cyber espionage activities as evidence of U.S. hypocrisy. Documents leaked by former NSA contractor Edward Snowden revealed hacking by the National Security Agency into universities and businesses in Hong Kong and mainland China, including extensive hacking into telecommunications giant Huawei. Beijing might seek to retaliate by bringing its own charges against the NSA or other U.S. agencies for their hacking activities. China’s Foreign Ministry has already demanded an explanation for the U.S. hacking activities, a call it renewed after the indictment of the PLA officers.

The case against the PLA officers is unlikely to move forward, as there’s no chance China will extradite the accused to the U.S. for prosecution. It’s mostly a symbolic move, then, designed to demonstrate Washington’s strong dissatisfaction with China’s hacking activities. It also signals that the U.S. does have concrete evidence of Chinese hacking, evidence Beijing has always insisted on seeing.